Assessing the risk of the August security updates

Assessing the risk of the August security updates

Today we released 13 security bulletins. Two have a maximum severity rating of Critical, nine have a maximum severity rating of Important, and two have a maximum severity rating of Moderate. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Bulletin

Most likely attack vector

Max Bulletin Severity

Max Exploit-ability

Likely first 30 days impact

Platform mitigations and key notes

MS11-057(IE)

Victim browses to a malicious webpage.

Critical

1

Likely to see reliable exploits developed within next 30 days.

MS11-058(DNS Server)

Attacker sends name resolution request to victim DNS server that is configured to issue requests to a malicious DNS server. Response from malicious DNS server to victim DNS server is improperly handled, resulting in denial of service on victim DNS server.

Critical

3

Unlikely to see exploits developed in next 30 days.

See SRD blog post for more information about exploitability and affected configurations (not all DNS servers will be vulnerable to potential attacks).

MS11-063(CSRSS)

Attacker running code on a machine already elevates from low-privileged account to SYSTEM.

Important

1

Likely to see reliable exploits developed within next 30 days.

MS11-062(NDISTAPI)

Attacker running code on a machine already elevates from low-privileged account to SYSTEM.

No exploit possible for direct code execution. This vulnerability has potential for information disclosure only.

Websites not using the Microsoft Chart Control are not vulnerable.

MS11-067(Report Viewer Web Control XSS)

Victim clicks a link with embedded Javascript causing the script to run in the context of the web site to which the link points. Target web site must have incorporated the Microsoft ReportViewer control.

Important

3

No exploit possible for direct code execution. This vulnerability has potential for information disclosure only.

Websites not using the Microsoft Report Viewer control could not be used to facilitate attack.

MS11-061(Remote Desktop Web Access Login Page XSS)

Victim clicks a link with embedded Javascript causing the script to run on the victim system in the context of the remote desktop web access server.

Important

1

Likely to see a XSS exploit, causing victim to run attacker-controlled Javascript in context of an internal Remote Desktop Web Access webpage.

MS11-059(DLL Preloading)

Victim browses to a malicious WebDAV or SMB share and opens Excel file that leverages MDAC to retrieve external data. Victim clicks through security dialog causing Excel to load a malicious DLL housed on the same WebDAV or SMB share.

Important

1

While exploiting DLL preloading cases is normally straightforward, we rarely see them exploited in the wild due to user interaction requirement.

MS11-068(Kernel)

Attacker already able to run code on a machine causes the machine to bugcheck (blue screen)

Moderate

n/a

No exploit possible for code execution. This vulnerability has potential for local denial-of-service only.

MS11-069 (.NET Framework)

Victim browses to a malicious website that attempts to run a .NET XBAP managed code application on the victim’s system. A security warning will prevent unwitting execution of XBAP applications in the Internet Zone.